Cybercrime complaints to the FBI exceeded 300,000 in 2017, with an estimated loss of almost $1,500,000,000. The thing is, the Department of Justice estimates that only 1 in 7 criminal incidents is ever reported. That brings the estimated totals to 2,100,000 incidents and $10,500,000,000 in losses. Why do so many incidents go unreported?
First of all, if you believe you caused the attack through an error in judgment, chances are you aren’t going to be quick to let anyone know. Neither are your employees. Now, very few employees, fortunately, are going to actively work at allowing cyber intrusions into your network, but simply clicking on a deceptively realistic-looking phishing or spear-phishing email can open the door. Companies with effective in-house or managed IT support providers can usually determine whose mistake it was, but for many small to mid-sized businesses, the unintentional culprit will never be found.
But in some ways, that’s beside the point. The point is that your employees should have been well-trained enough that they aren’t susceptible to this kind of fraud.
If you are the boss and you know about the cyber break-in, your attitude may be that the perpetrator is unlikely ever to be found, so why bother? You are also way more likely to pay a ransomware demand than report the crime. It just seems easier. Except that in about 20% of the cases, the decryption code you need to unlock your files either never arrives or doesn’t work. This 20% would have been much better off dealing with prevention than with trying to rectify a really tough situation.
There is another growing area of cybercrime, although it is not committed through entry into your IT infrastructure. This is IT support fraud, and in 2016 there were more than 10,000 cases reported. Again, law enforcement believes the 10,000 are the tip of the iceberg. The reported losses were $800 each on average. Most of these were perpetrated against individuals, not businesses, but in today’s work-world, with many people using their own devices for work, sensitive business information that resides on an employee’s personal laptop may be stolen and used for illegitimate purposes.
The gist of this blog is to encourage two things: first, report all cybercrime. You can never tell which case will be the one to break open a crime ring. Second, make sure your employees are well-trained in cybercrime prevention. Fact: most ransomware and other malware intrusions are caused by employee errors that can be prevented.